$config["id_user"],
'id_incident' => $id_inc,
'nota' => $nota);
$id_nota = process_sql_insert('tnota', $values);
if ($id_nota !== false) {
process_incidents_touch ($id_inc);
}
print_result_message ($id_nota,
__('Successfully added'),
__('Could not be added'));
}
// Delete note
if (isset ($_POST["delete_nota"])) {
$id_nota = get_parameter_post ("delete_nota", 0);
$note_user = get_incidents_notes_author ($id_nota);
if (((check_acl ($config["id_user"], $id_grupo, "IM") == 1) OR ($note_user == $config["id_user"])) OR ($id_owner == $config["id_user"])) {
// Only admins (manage incident) or owners can modify
// incidents notes. note authors are
// able to delete their own notes
$result = delete_incidents_note ($id_nota);
if (!empty ($result)) {
process_incidents_touch ($id_inc);
}
print_result_message ($id_nota,
__('Successfully deleted'),
__('Could not be deleted'));
}
}
// Delete file
if (((check_acl ($config["id_user"], $id_grupo, "IM")==1) OR ($id_owner == $config["id_user"])) AND isset ($_POST["delete_file"])) {
$file_id = (int) get_parameter_post ("delete_file", 0);
$filename = get_db_value ("filename", "tattachment", "id_attachment", $file_id);
$result = process_sql_delete('tattachment', array('id_attachment' => $file_id));
if (!empty ($result)) {
unlink ($config["attachment_store"]."/pand".$file_id."_".$filename);
process_incidents_touch ($id_inc);
}
print_result_message ($result,
__('Successfully deleted'),
__('Could not be deleted'));
}
// Upload file
if ((check_acl ($config["id_user"], $id_grupo, "IW") == 1) AND isset ($_GET["upload_file"]) AND ($_FILES['userfile']['name'] != "")) {
$description = get_parameter_post ("file_description", __('No description available'));
// Insert into database
$filename = safe_input ($_FILES['userfile']['name']);
$filesize = safe_input ($_FILES['userfile']['size']);
//The following is if you have clamavlib installed
//(php5-clamavlib) and enabled in php.ini
//http://www.howtoforge.com/scan_viruses_with_php_clamavlib
if (extension_loaded ('clamav')) {
cl_setlimits (5, 1000, 200, 0, 10485760);
$malware = cl_scanfile ($_FILES['file']['tmp_name']);
if ($malware) {
$error = 'Malware detected: '.$malware.'
ClamAV version: '.clam_get_version();
die ($error); //On malware, we die because it's not good to handle it
}
}
$values = array(
'id_incidencia' => $id_inc,
'id_usuario' => $config["id_user"],
'filename' => $filename,
'description' => $description,
'size' => $filesize);
$id_attachment = process_sql_insert('tattachment', $values);
// Copy file to directory and change name
if ($id_attachment !== false) {
$nombre_archivo = $config["attachment_store"]."/pand".$id_attachment."_".$filename;
$result = copy ($_FILES['userfile']['tmp_name'], $nombre_archivo);
}
else {
echo '